Friday, November 25, 2005

Passive Worms

A passive worm does not become active until a user does something, generally opening an email attachment that contains the worm. A user is unlikely to launch a worm intentionally, so how are passive worms unleashed? The answer is that a passive worm is really a Trojan horse with a worm contained in its payload. The user believes the Trojan horse is something other than what it really is.

Tempting users to open Trojan horses and other email attachments is known as social engineering. The goal is to create a ploy that will make most recipients open the Trojan horse and/or attachment. When working toward this type of goal, someone distributing a passive worm might ask himself, “What would make this attachment compelling enough to open?”

A passive worm with a good social engineering approach will trick many users into running the Trojan horse application, which might cause widespread damage. But if the malware doesn't have a sufficient social engineering edge, recipients will either see no compelling reason to launch the attachment or be suspicious enough to view it as some type of threat.